bug 14484: Apply existed firewall rules when associating IP

It's not a elegant fix. The status for firewall rules should remain unchanged before/after ip association/disassociation. But the related change is tricky than this fix, may not get enough test for 3.0.1. So we would apply existed firewall rules again, which would work, just result in some unnecessary commands. status 14484: resolved fixed Reviewed-by: Edison Su
2012-03-23 19:06:25 -07:00 · 2012-03-23 19:06:25 -07:00 · d100b47bba
parent 71fd193b2c
commit d100b47bba
1 changed files with 15 additions and 0 deletions
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@ -253,6 +253,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
    @Inject
    NicDao _nicDao = null;
    @Inject
+    FirewallRulesDao _fwRulesDao = null;
+    @Inject
    RulesManager _rulesMgr;
    @Inject
    LoadBalancingRulesManager _lbMgr;
@ -894,14 +896,27 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
                } else {
                    throw new CloudRuntimeException("Fail to get ip deployer for element: " + element);
                }
+                //We would apply all the existed firewall rules for this IP, since the rule maybe discard by revoke PF/LB rules
+                List<FirewallRule> firewallRules = new ArrayList<FirewallRule>();
+                boolean applyFirewallRules = false;
+                if (element instanceof FirewallServiceProvider &&
+                        isProviderSupportServiceInNetwork(network.getId(), Service.Firewall, provider)) {
+                    applyFirewallRules = true;
+                }
                Set<Service> services = new HashSet<Service>();
                for (PublicIp ip : ips) {
                    if (!ipToServices.containsKey(ip)) {
                        continue;
                    }
                    services.addAll(ipToServices.get(ip));
+                    if (applyFirewallRules) {
+                        firewallRules.addAll(_fwRulesDao.listByIpAndPurpose(ip.getId(), Purpose.Firewall));
+                    }
                }
                deployer.applyIps(network, ips, services);
+                if (applyFirewallRules && !firewallRules.isEmpty()) {
+                    ((FirewallServiceProvider) element).applyFWRules(network, firewallRules);
+                }
            } catch (ResourceUnavailableException e) {
                success = false;
                if (!continueOnError) {